Don’t Let Criminals Hide Their Data Overseas

Congress is now considering long-overdue legislation that authorizes faster access to internationally stored electronic data needed to prosecute serious crime and disrupt terrorist plots in the United States, Britain and elsewhere. The legislation, the Clarifying Lawful Overseas Use of Data Act, or Cloud Act, would preserve law and order, advance the United States’ leadership in cybersecurity, ease restrictions on American businesses and enhance privacy standards globally. This is a priority for both of our governments.

American efforts to investigate crime and terrorism are increasingly impeded by a lack of access to data stored outside the country, even when it is held by companies subject to United States jurisdiction. Britain and other allied foreign governments face similar problems. All too often, officials in one country investigating a serious crime with victims in that very same country cannot get data they need simply because it is on a server halfway across the world. The internet is moving fast, and our legal constructs are not keeping up. This leaves tech companies in the difficult position of having to withhold information that could protect public safety.

To make matters worse, a case at the United States Supreme Court could leave our governments and others with no effective way to obtain vital evidence of serious crimes. Oral arguments are scheduled for Feb. 27 in that case, which asks whether Microsoft may comply with a United States warrant to disclose information related to an American crime stored on a cloud server in Ireland. Microsoft argues that it cannot.

Fortunately, there is a legislative solution to this problem that advances a model that empowers law enforcement. The Republican senators Lindsey Graham of South Carolina and Orrin Hatch of Utah, the Democratic senators Sheldon Whitehouse of Rhode Island and Chris Coons of Delaware, and members of the House have proposed legislation that would clarify the legal authority of the United States to obtain data stored in another country, and would authorize special agreements to resolve potential conflicts of law. The bill would authorize the attorney general to enter into such agreements, but only with allies that respect privacy and protect civil liberties, and that have records of promoting and defending due process. The first one would be with Britain, which already has the authority to enter into such a pact.

These agreements would not apply to foreign judicial orders directed at American citizens, or anyone in the United States, for that matter. Instead, the bill would promote swift justice among nations that share a common commitment to the rule of law, while protecting the privacy and safety of our citizens. The prime minister has stressed the great importance of the legislation to British authorities investigating criminal and terrorist activity. One of us, Paddy McGuinness, has testified before both houses of Congress to make the case for this change. President Trump adopted this priority upon taking office as part of his call for lawful access to information.

In addition to improved law enforcement, this model advances American leadership in cybersecurity. American and British innovation created the internet, and United States-based companies dominate the online landscape. With that central role in the internet comes a responsibility to work with partners that share our values to support their safety and security. Any nation motivated to enter into an agreement with the United States will have to meet American standards of due process and ensure a commitment to the rule of law, not authoritarian whim.